Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!spool.mu.edu!uunet!mcsun!hp4nl!philapd!idcapd!dejong
From: dejong@idca.tds.PHILIPS.nl (Hans de Jong)
Newsgroups: comp.mail.sendmail
Subject: Security in sendmail and SMTP?
Keywords: sendmail security SMTP From authentication
Message-ID: <1443@idcapd.idca.tds.philips.nl>
Date: 3 Jun 91 09:03:07 GMT
Article-I.D.: idcapd.1443
Organization: Philips Information Systems, Apeldoorn, The Netherlands
Lines: 27

I am trying to find out about security in sendmail and SMTP.

What I see is:

1) Sendmail has no possibility to change headers in a mail item. It can add header lines, but will not affect them when they are present.

2) The only exception seems to be the From: line, but only the machine name part of the address. Changing that requires root permission. But the user can directly set the username as well as the full name.

3) SMTP uses no passwords. So any machine that can connect to another machine will be accepted as the machine it pretends to be (i.e., whatever is in the HELO command or MAIL FROM: command is accepted).

My questions are:

1) Are my observations correct?

2) Are there options in sendmail to avoid that the user can pretend to send mail as someone else?

3) Reading RFC821, the From: line may be set to indicate another user than the one actually sending. In that case there should be a Sender: line present to indicate who the actual sender is. But sendmail doesn't seem to enforce this. At the same time, it doesn't allow for a different machine name in From: than the own machine (unless I am superuser). Is there literature outside RFC821 that describes how the From:, Sender:, Resent-From: and Resent-Sender: lines have to be treated?

Thanks

Hans
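
The following is an added example, not part of the original post and not sendmail code: a receiving-side audit in Python that flags the two gaps the post describes, an unverified HELO name and a From: line naming someone other than the envelope sender with no Sender: line. The function name, finding labels and sample messages are assumptions made for illustration, and the peer hostname is assumed to be supplied by the caller (no DNS lookup is done).

```python
from email import message_from_string
from email.utils import getaddresses

def _addrs(msg, header):
    """Lower-cased addresses found in every occurrence of one header."""
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]

def audit_message(raw, envelope_from, helo_name, peer_hostname):
    """Return findings (hypothetical labels) for one received message.

    envelope_from: address given in the SMTP MAIL FROM: command
    helo_name:     name the client announced in HELO
    peer_hostname: name the receiver resolved for the connecting address
    Findings are hints for review, not proof of forgery: mailing lists and
    forwarders legitimately use a different envelope sender.
    """
    msg = message_from_string(raw)
    findings = []
    # SMTP accepts any HELO name; compare it with what the receiver resolved.
    if helo_name.lower().rstrip(".") != peer_hostname.lower().rstrip("."):
        findings.append("helo-mismatch")
    authors = _addrs(msg, "From")
    senders = _addrs(msg, "Sender")
    if not authors:
        findings.append("no-from")
    # Several authors need a Sender: line to say who actually submitted.
    if len(authors) > 1 and not senders:
        findings.append("multiple-authors-without-sender")
    # The submitting address should appear as author or as declared sender.
    env = envelope_from.lower()
    if env not in authors and env not in senders:
        findings.append("envelope-not-in-from-or-sender")
    return findings

# Constructed sample messages (not taken from the post).
PLAIN = "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n"
ON_BEHALF = ("From: Boss <boss@example.org>\n"
             "Sender: secretary@example.org\nSubject: memo\n\nbody\n")
NO_SENDER = "From: Boss <boss@example.org>\nSubject: urgent\n\nbody\n"

if __name__ == "__main__":
    host = "mail.example.org"
    print(audit_message(PLAIN, "alice@example.org", host, host))
    print(audit_message(ON_BEHALF, "secretary@example.org", host, host))
    print(audit_message(NO_SENDER, "mallory@example.net", host,
                        "host.example.net"))
```
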